The CVE-2024-8922 vulnerability affects the Product Enquiry for WooCommerce plugin, a commonly used tool for managing product requests in WooCommerce stores on WordPress. The flaw is a PHP object injection that allows an attacker with Author-level access or higher to manipulate data and inject malicious code.
Why is this a threat to your site?
This flaw, with an impact score of 5.9, can cause serious damage to a WordPress site. Here is what this vulnerability allows an attacker to do:
File deletion: Important files on your server may be deleted, disrupting the proper functioning of your site.
Access to sensitive information: Confidential data could be extracted, compromising the security of your users.
Remote Code Execution : Under specific conditions, an attacker could execute code directly on your server, compromising the integrity of your site.
How the attack works
This vulnerability is based on improper handling of the deserialization of untrusted data in the file enquiry_detail.php, located in the plugin. Deserialization is the process of reconstructing PHP values and objects from a serialized string. When it is applied to untrusted input, an attacker can supply a crafted payload that instantiates arbitrary classes and so inject malicious code.
Even though no POP (Property-Oriented Programming) chains were discovered in the plugin itself, the presence of other vulnerable plugins or themes on the same site could supply such a chain and allow a hacker to take control of the server.
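To make the deserialization issue concrete, here is an added example (not the plugin's own code) that models the pattern the advisory describes, an enquiry-detail handler that unserializes a request field, beside two hardened variants. The class Hypothetical_Logger, the function names and the constructed inputs are assumptions for illustration; the real parameter names are not on the page.

```php
<?php
// Added example, not the plugin's code. Hypothetical_Logger stands in for
// any class that happens to be loadable on the site: once an attacker
// controls the serialized input, any class with a magic method
// (__wakeup, __destruct, __toString) is a candidate gadget, which is why
// the advisory warns about other plugins or themes on the same site.
class Hypothetical_Logger
{
    public $path = '/tmp/enquiry.log';
    public function __destruct()
    {
        echo "__destruct ran for {$this->path}\n"; // the side effect is the danger
    }
}

// VULNERABLE: unserialize() on untrusted data instantiates whatever class
// the payload names. An Author-level capability check does not help,
// because Authors are legitimate users of the enquiry feature.
function enquiry_detail_vulnerable(string $raw)
{
    return unserialize($raw);
}

// HARDENED 1: keep the format but forbid object creation. Any object in
// the payload becomes __PHP_Incomplete_Class and no magic method runs;
// treat an object (or a parse failure) as a rejected request.
function enquiry_detail_hardened(string $raw)
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if ($data === false || is_object($data)) {
        return null;
    }
    return $data;
}

// HARDENED 2: do not use PHP serialization for request data at all.
// JSON cannot express object instantiation, so there is nothing to inject.
function enquiry_detail_json(string $raw): ?array
{
    $data = json_decode($raw, true, 8);
    return is_array($data) ? $data : null;
}

// Constructed inputs: a benign enquiry array and an object-bearing payload.
$benign = 'a:1:{s:4:"name";s:5:"Alice";}';
$object = 'O:19:"Hypothetical_Logger":1:{s:4:"path";s:10:"/tmp/x.log";}';

var_dump(enquiry_detail_hardened($benign));          // benign data passes through
var_dump(enquiry_detail_hardened($object));          // rejected; destructor never runs
var_dump(enquiry_detail_json('{"name":"Alice"}'));   // same data, safer format
enquiry_detail_vulnerable($object);                  // destructor runs on discard
```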
Vulnerability History
Discovery : September 2024
Publication : September 27, 2024
Last updated : September 27, 2024
Remotely operable : Yes
Impact score : 5.9
Exploitability score : 2.8
Source : Wordfence Security
Which products are affected?
All versions of the Product Enquiry for WooCommerce plugin up to version 2.2.33.32 are vulnerable. If you are using this plugin, it is crucial to take steps to protect your site.
How to protect your site?
It is imperative that you do not deactivate the plugin, as this may cause malfunctions in your WooCommerce store. Instead, follow these steps.